package com.ihep;

import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;

/**
 * RSA签名验签类
 */
public class RSASignature {

    /**
     * 签名算法
     */
    public static final String SIGN_ALGORITHMS = "SHA1WithRSA";

    /**
     * RSA签名
     *
     * @param content    待签名数据
     * @param privateKey 商户私钥
     * @param encode     字符集编码
     * @return 签名值
     */
    public static String sign(String content, String privateKey, String encode) {
        try {
            PKCS8EncodedKeySpec priPKCS8 = new PKCS8EncodedKeySpec(Base64.decode(privateKey));

            KeyFactory keyf = KeyFactory.getInstance("RSA");
            PrivateKey priKey = keyf.generatePrivate(priPKCS8);

            java.security.Signature signature = java.security.Signature.getInstance(SIGN_ALGORITHMS);

            signature.initSign(priKey);
            signature.update(content.getBytes(encode));

            byte[] signed = signature.sign();

            return Base64.encode(signed);
        } catch (Exception e) {
            e.printStackTrace();
        }

        return null;
    }

    /**
     * 功能描述：私钥签名
     *
     * @param content    明文数据，以字符串形式存在
     * @param privateKey 字符串私钥
     * @return String 签名后的结果
     * @author cakin
     * @date 2020/11/12
     */
    public static String sign(String content, String privateKey) {
        try {
            PKCS8EncodedKeySpec priPKCS8 = new PKCS8EncodedKeySpec(Base64.decode(privateKey));
            KeyFactory keyf = KeyFactory.getInstance("RSA");
            PrivateKey priKey = keyf.generatePrivate(priPKCS8);
            // 这里签名使用的是 SHA1WithRSA
            java.security.Signature signature = java.security.Signature.getInstance(SIGN_ALGORITHMS);
            // 以私钥字符串初始化签名
            signature.initSign(priKey);
            // 将原始串注入签名中
            signature.update(content.getBytes());
            // 签名后的结果，以字符数组形式存在
            byte[] signed = signature.sign();
            // 签名后的结果,以base64编码形式存在
            return Base64.encode(signed);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }

    /**
     * RSA验签名检查
     *
     * @param content   待签名数据
     * @param sign      签名值
     * @param publicKey 分配给开发商公钥
     * @param encode    字符集编码
     * @return 布尔值
     */
    public static boolean doCheck(String content, String sign, String publicKey, String encode) {
        try {
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            byte[] encodedKey = Base64.decode(publicKey);
            PublicKey pubKey = keyFactory.generatePublic(new X509EncodedKeySpec(encodedKey));


            java.security.Signature signature = java.security.Signature
                    .getInstance(SIGN_ALGORITHMS);

            signature.initVerify(pubKey);
            signature.update(content.getBytes(encode));

            boolean bverify = signature.verify(Base64.decode(sign));
            return bverify;

        } catch (Exception e) {
            e.printStackTrace();
        }

        return false;
    }

    /**
     * 功能描述：公钥校验签名
     *
     * @param content   签名原串
     * @param sign      签名串
     * @param publicKey 公钥字符串
     * @return boolean 校验是否成功
     * @author cakin
     * @date 2020/11/12
     * @description:
     */
    public static boolean doCheck(String content, String sign, String publicKey) {
        try {
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            byte[] encodedKey = Base64.decode(publicKey);
            PublicKey pubKey = keyFactory.generatePublic(new X509EncodedKeySpec(encodedKey));
            // 使用 SHA1WithRSA 签名算法
            java.security.Signature signature = java.security.Signature
                    .getInstance(SIGN_ALGORITHMS);
            // 用公钥初始化签名校验
            signature.initVerify(pubKey);
            // 原始串注入签名校验中
            signature.update(content.getBytes());
            // 验证签名结果
            boolean bverify = signature.verify(Base64.decode(sign));
            // 返回签名是否成功
            return bverify;
        } catch (Exception e) {
            e.printStackTrace();
        }
        return false;
    }
}
